| Hi, I am testing the usage of Project-based matrix using permissions inheritance.
The result of the testing is not matching the expected behaviour, I am unaware if it's a bug or something I am missing. This are the steps I did and what happened vs what I expected: 1. On Manage Jenkins -> Configure Global Security I setup Project-based Matrix Authorization Strategy and Access Control for Builds with the Authorise Project plugin as following: See Screen Shot 2019-11-27 at 09.23.09.png (users michel and zanini have only read permissions).
See Screen Shot 2019-11-27 at 09.23.25.png (I have configured to run all builds with the user michel). 2. I created a test project on root of Jenkins. When I run it, I get a build blocked as there is no permissions for user michel, and that works as expected. See Screen Shot 2019-11-27 at 09.23.52.png. 3. Now I open the test project and enable project based security for it. Then I change to use the inheritance strategy to not import global permissions and select that the user michel has ALL permissions for this job. See Screen Shot 2019-11-27 at 09.24.14.png. When I run the job, I would expect michel to be able to run it, as I specified that this user can do everything with the job locally at the job level. But what happens is the same as before, user can't build the job.
4. I then make changes to ** global permissions to add build permission for both users, like in Screen Shot 2019-11-27 at 09.37.33.png. Now the job can build like in Screen Shot 2019-11-27 at 09.38.41.png. 5. I then configure for this job to run as zanini user like in Screen Shot 2019-11-27 at 09.39.24.png. Now I would expect the job not to run and be blocked, because I configured the job to block global inheritance, and locally is only configured for michel. But the job runs with the user fully.
It seems that only global permissions are being looked at and local job permissions are not. Is this correct? What I am missing here? Thanks. |
